Third countries 

Transfers of Personal Data to Countries outside the European Union

The Dutch Data Protection Act (known by its Dutch initials, Wbp), which has been in force since 1 September 2001, contains rules on the transfer of personal data to countries outside the European Union. This is one of the new features of the Wbp, and one which is likely to have practical implications for internationally active businesses and other organisations.

pdf documentread this brochure (1.2 MB)
pdf documentdownload Application form for a permit (141 KB)

The basic rule is that personal data may be transferred to a third country only if the level of protection in that country is adequate. However, a third-country transfer is also allowed if it is covered by a statutory exception, or if a permit has been granted by the Minister of Justice. Ministerial permits are after advice of the Dutch DPA. The Dutch DPA also has the job of monitoring compliance with the Act, in connection with which it possesses powers of enforcement.

This booklet is intended to provide general guidance for organisations with an interest in this new field, and for their advisors. References to other useful sources of information are included. Careful and prompt consideration of the relevant issues can ensure that personal data are adequately protected in international transactions, just as they are in the domestic context.